Demystifying the roles & responsibilities of the three key stakeholders in GDPR
GDPR 2018 (General Data Protection Regulation) finally came into effect on 25th May, 2018. GDPR & the DPA (Data Protection Act) have been the most talked about topics of the last few months, as GDPR superseded the DPA in the European Union. The rest of the world is still struggling to catch up with the pace.
Understanding the scope is critical. EU data protection law applies only to "personal data"; information that does not fall within the definition of "personal data" is not subject to EU data protection law. GDPR matters for every organisation that processes, collects, transmits or archives personal data belonging to EU residents, regardless of the country in which the business is located. Thus, the regulation applies even to organisations in India and other countries that process any personal data of EU residents, for whatever reason.
Understanding the key stakeholders and the rules set out in GDPR.
The Controller: The term "controller" is of prime importance, since the compliance obligations under EU data protection law are imposed on controllers. Given the scale of the business, there may be joint controllers sharing responsibilities, but the net regulations for controllers do not change.
Rules for the Controller:
* The controller must adequately record multiple details regarding the transaction, including the identity of the data subject whose data is being collected.
* The controller must record the duration of storage.
* When an individual's personal information is subject to processing, the controller informs the data subject and obtains consent where necessary.
The Processors: A processor is any entity, organisation or firm at a local, regional or federal level that processes, collects, transmits or archives personal data under the controller's instructions, whether within or outside the EU. Processors also have direct compliance obligations under the GDPR. Many countries, such as India, provide such services and are hence directly compelled to fulfil GDPR compliance obligations. The controller initiates this engagement via a written agreement that binds the processor to the necessary obligations.
Rules for the Processor:
* Operate in line with documented instructions from the controller.
* Enforce confidentiality agreements with the individuals who handle the processing of personal data, and guarantee the security of that personal data.
* Comply with the relevant rules and implement the policies and processes that facilitate the controller's compliance with the privacy rights of data subjects.
* Help the controller acquire approval from Data Protection Officers (DPOs).
* Return or delete personal data upon termination of the engagement.
* Furnish all information that demonstrates GDPR compliance.
* Maintain accurate records of processing that the controller is mandated to keep. This includes details identifying the controller, processor, representatives or DPOs.
* Record the various types of processing activities conducted at the behest of the controller, along with cross-border data transfers and the security measures established to protect the processed data.
Data protection officer (DPO): A DPO must be appointed by public authorities, organisations that engage in large-scale systematic monitoring, and organisations that engage in large-scale processing of sensitive personal data. If your organisation does not fall into one of these categories, you do not need to appoint a DPO. This is typically the enterprise security leadership role required by the General Data Protection Regulation (GDPR), responsible for overseeing the data protection strategy and its implementation to ensure compliance with GDPR requirements.
Rules for the Data Protection Officer:
* Educate and train company employees on the important compliance requirements.
* Provide specialised training to, and obtain agreements from, staff involved in data processing to guarantee the security of personal data.
* Conduct audits to ensure compliance and address potential issues proactively.
* Be the point of contact between the company and the GDPR Supervisory Authorities.
* Monitor performance and give the necessary guidance on data protection efforts.
* Maintain comprehensive records of all data processing activities conducted by the company, including the purpose of each processing activity; these must be made available on request.
* Interface with data subjects to inform them about how their data is being used and their right to have their personal data erased, and share updates on the measures the company has put in place to protect their personal information.
The data protection officer performs his or her tasks with due regard to the risk associated with processing operations, considering the nature, scope, context and purposes of processing.
GDPR Governance Service from Crayon is a comprehensive GDPR management and risk mitigation solution. Aligning with the policy & process frameworks required for GDPR can save organisations from potential risks. Failure to prepare for the regulation could have serious consequences, not only for your bottom line, but also for your customer relationships and brand image.
Rajesh Thadhani
Director - Crayon Software Experts P. Ltd